Enable SSL on rabbit/mysql for ironic by default
This patch enables SSL for rabbitmq and mysql connection
in Ironic.
Change-Id: Ia6bbe409ec928e71d7761cedf37e7f59afba1b68
diff --git a/classes/cluster/virtual-mcp11-ovs-ironic/openstack/control.yml b/classes/cluster/virtual-mcp11-ovs-ironic/openstack/control.yml
index 0a88de2..c217e9e 100644
--- a/classes/cluster/virtual-mcp11-ovs-ironic/openstack/control.yml
+++ b/classes/cluster/virtual-mcp11-ovs-ironic/openstack/control.yml
@@ -4,8 +4,11 @@
- system.linux.system.repo.mcp.openstack
- system.linux.system.repo.mcp.extra
- system.linux.system.repo.saltstack.xenial
+- system.salt.minion.cert.mysql.server
+- system.salt.minion.cert.rabbitmq_server
- system.memcached.server.single
- system.rabbitmq.server.cluster
+- service.rabbitmq.server.ssl
- system.rabbitmq.server.vhost.openstack
- system.keystone.server.wsgi
- system.keystone.server.cluster
@@ -24,6 +27,7 @@
- system.haproxy.proxy.listen.openstack.nova-placement
- system.heat.server.cluster
- system.galera.server.cluster
+- service.galera.ssl
- system.galera.server.database.ceilometer
- system.galera.server.database.cinder
- system.galera.server.database.glance
@@ -40,6 +44,7 @@
keepalived_vip_interface: ens4
cluster_vip_address: ${_param:openstack_control_address}
cluster_local_address: ${_param:single_address}
+ salt_minion_ca_host: cfg01.${linux:system:domain}
linux:
system:
package:
@@ -107,3 +112,12 @@
notification:
driver: messagingv2
topics: "notifications,${_param:stacklight_notification_topic}"
+ ironic:
+ api:
+ message_queue:
+ port: ${_param:rabbitmq_port}
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
+ database:
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}